am: d1eb4564

Change-Id: Ic7a0b8ad7469778a2cf5ef2673de493fe34eabd9

am: 6f443b87

Change-Id: I46dc0e9a5350dca7861fc81f0cf00d698c57ec0b

am: 5b4f15e1

Change-Id: Ic7c0de32ac3970c000062bc35bb0c50254510b3a

am: fdace232

Change-Id: I1bf9fc75321e57e9cf4c75b2fb46b66adfa1b720

am: a240947e

Change-Id: I508c25c5ea4c9e2c2b459e6247fdffd6412a2da6

am: daeb5e01

Change-Id: If2e1e939980f6c3c4c9aaf765b4418f11aef4084

am: f44c0dd7

Change-Id: Ic08c60058c959cd247849c43e76b5ea9971e3f5a

am: 530b8f52

Change-Id: Ide555826450bfc6872af89f3f5c3be27018fd7d9

am: 4cae28d4

Change-Id: Ie22e0c2a1c84188666a38dba21129e7547d83fbc

Bug: 35210697
Test: manual
Change-Id: I0e1e8923851f668d5fe6c210f411a8e4ff0470c7

On boot, Android runs restorecon on a number of virtual directories,
such as /sys and /sys/kernel/debug, to ensure that the SELinux labels
are correct. To avoid causing excessive boot time delays, the restorecon
code aggressively prunes directories, to avoid recursing down directory
trees which will never have a matching SELinux label.

See:
* https://android-review.googlesource.com/93401
* https://android-review.googlesource.com/109103

The key to this optimization is avoiding unnecessarily broad regular
expressions in file_contexts. If an overly broad regex exists, the tree
pruning code is ineffective, and the restorecon ends up visiting lots of
unnecessary directories.

The directory /sys/kernel/debug/tracing contains approximately 4500
files normally, and on debuggable builds, this number can jump to over
9000 files when the processing from wifi-events.rc occurs. For
comparison, the entire /sys/kernel/debug tree (excluding
/sys/kernel/debug/tracing) only contains approximately 8000 files. The
regular expression "/sys/kernel(/debug)?/tracing/(.*)?" ends up matching
a significant number of files, which impacts boot performance.

Instead of using an overly broad regex, refine the regex so only the
files needed have an entry in file_contexts. This list of files is
essentially a duplicate of the entries in
frameworks/native/cmds/atrace/atrace.rc .

This change reduces the restorecon_recursive call for /sys/kernel/debug
from approximately 260ms to 40ms, a boot time reduction of approximately
220ms.

Bug: 35248779
Test: device boots, no SELinux denials, faster boot.
Change-Id: I70f8af102762ec0180546b05fcf014c097135f3e

am: 05984847

Change-Id: Ib897f3fcc8471c1f40b85650ee6c997f2da0d9de

am: 137923a1

Change-Id: I5748e38ffdbefa08b66132080c934c44c5d02327

am: 6ebcfe47

Change-Id: I6999a1aaf79a559e0477166523ee71cfbfeb3a1b

Use the default filesystem label from genfs_contexts for the directory
/sys/kernel/debug/tracing and /sys/kernel/tracing, instead of explicitly
attempting to relabel it.

There are three cases we need to consider:

1) Old-style tracing functionality is on debugfs
2) tracing functionality is on tracefs, but mounted under debugfs
3) tracefs is mounted at /sys/kernel/tracing

For #1, the label on /sys/kernel/debug/tracing will be debugfs, and all
processes are allowed debugfs:dir search, so having the label be debugfs
instead of debugfs_tracing will not result in any permission change.

For #2, the label on /sys/kernel/debug/tracing will be debugfs_tracing,
which is the same as it is today. The empty directory
/sys/kernel/tracing wlll retain the sysfs label, avoiding the denial
below.

For #3, /sys/kernel/debug/tracing won't exist, and /sys/kernel/tracing
will have the debugfs_tracing label, where processes are allowed search
access.

Addresses the following denial:

avc:  denied  { associate } for  pid=1 comm="init" name="tracing"
dev="sysfs" ino=95 scontext=u:object_r:debugfs_tracing:s0
tcontext=u:object_r:sysfs:s0 tclass=filesystem permissive=0

Bug: 31856701
Bug: 35197529
Test: no denials on boot
Change-Id: I7233ea92c6987b8edfce9c2f1d77eb25c7df820f

Bug: 31399200
Test: Compiles
Change-Id: Ifb347a985df5deb85426a54c435c4a9c0248cb57

am: 43886cd4

Change-Id: I5af0c402f20be0337b25c92ad04abcfe7268e239

am: 90c9b826

Change-Id: Ifb3071a93642b52bf38ec05270b28aa3d273ce27

am: 3651bae6

Change-Id: Idbda0045c91888051350d77765d17f85d12d4046

There is only a single systemapi at the moment that is callable, and it is
protected by a signature/preinstalled permission.

(cherry picked from commit I778864afc9d02f8b2bfcf6b92a9f975ee87c4724)

Bug: 35059826,33297721
Test: manually on a marlin
Change-Id: I3789ce8238f5a52ead8f466dfa3045fbcef1958e

am: ac00a6a6

Change-Id: Ief3aed51353ce080ba0ac80ff0ab9c63a69495b7

am: 11f4f118

Change-Id: I66e7514bcccc8ba419df94bfb36c69eaf0ec8f5c

am: e6ff034a

Change-Id: I0cadd202cfa6f898df7ef4f8c128a91b4ff31675

Merge "domain_deprecated.te: remove auditallow statements on user builds" am: d4f93469 am: cbb98a6d
am: 7c3d127f

Change-Id: I5e2672fdd1f731cf09534e83713af0af6c62522f

am: 71b4e18a

Change-Id: Ib891f2cffa94efeeb44b9460373b794c669bc3c1

am: cbb98a6d

Change-Id: Ic248314f0f39a3206be126e9be64f41d4771f685

am: 75fa9d03

Change-Id: Ie029402582310750b6c8cae31475c4ca8f95d0c6

am: d4f93469

Change-Id: Idc8dc4fb33c8c10f2398c01af22d29635e16e0d9

am: f5f0c596

Change-Id: Iec73c9ac8ad891b7054f2e15b6b5d7afc3950064

am: 8bb9fa1b

Change-Id: I64488ed4c3b01595ff817fa85589962e995051de

am: 87aa5bb3

Change-Id: Id27b1fc016d6916d5a1597a55de42e82b38a5263

am: b2513f98

Change-Id: I67af386f16cb643f3bb13c993c76728bc42d8516

* changes:
  init.te: remove domain_deprecated
  Remove logspam

Addresses
avc:  denied  { find } for service=vrmanager pid=472 uid=1000
scontext=u:r:surfaceflinger:s0 tcontext=u:object_r:vr_manager_service:s0
tclass=service_manager

Test: Marlin builds and boots. Denial no longer observed.
Bug: 35258608
Bug: 35197529
Change-Id: I480dff3fdaf01f71e29e96f08350f705c6a23bba